Anton Gladky pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
de9e9f62 by Anton Gladky at 2023-03-31T21:36:03+02:00
Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5
- - - - -
6feb617f by Anton Gladky at 2023-03-31T21:37:10+02:00
Reserve DLA-3376-1 for svgpp
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -104104,7 +104104,6 @@ CVE-2021-44961 (A memory leakage flaw exists in the
class PerimeterGenerator of
CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot
function in the ...)
- svgpp 1.3.0+dfsg1-5 (bug #1014599)
[bullseye] - svgpp <no-dsa> (Minor issue)
- [buster] - svgpp <no-dsa> (Minor issue)
NOTE: https://github.com/svgpp/svgpp/issues/101
NOTE:
https://github.com/svgpp/svgpp/commit/0bc57f2cc6d9d86a0fa1ce73e508c2b5994b4b91
CVE-2021-44959
@@ -293893,7 +293892,7 @@ CVE-2019-6250 (A pointer overflow, with code
execution, was discovered in ZeroMQ
CVE-2019-6248 (PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone
Script 2.0.1 ...)
NOT-FOR-US: PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone
Script
CVE-2019-6247 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as
used in SV ...)
- - svgpp <unfixed> (unimportant; bug #919321)
+ - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Issue only in src:svgpp which does not call the AGG-API in
correct way.
NOTE: No security impact, only used to build examples, see #921097
@@ -293903,7 +293902,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka
svgpp) 1.2.3. After calling
CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as
used in SV ...)
{DLA-2872-1 DLA-1656-1}
- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
- - svgpp <unfixed> (unimportant; bug #919321)
+ - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
NOTE: and possibly already fixed with the inclusion of
05-fix-recursion-crash.patch
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Mar 2023] DLA-3376-1 svgpp - security update
+ {CVE-2019-6245 CVE-2019-6247 CVE-2021-44960}
+ [buster] - svgpp 1.2.3+dfsg1-6+deb10u1
[31 Mar 2023] DLA-3375-1 xrdp - security update
{CVE-2022-23480 CVE-2022-23481 CVE-2022-23482}
[buster] - xrdp 0.9.9-1+deb10u3
=====================================
data/dla-needed.txt
=====================================
@@ -291,10 +291,6 @@ sssd
NOTE: 20230131: Programming language: C.
NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
--
-svgpp (gladk)
- NOTE: 20230322: Programming language: C++.
- NOTE: 20230322: VCS: https://salsa.debian.org/debian/svgpp.git
---
systemd (Adrian Bunk)
NOTE: 20230304: Programming language: C.
NOTE: 20230304: VCS: https://salsa.debian.org/lts-team/packages/systemd.git
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e99681b66d193025dcb6c7bec6eefe7e84118c3...6feb617f5b61d124076a91a5fa1d2de356fcaf62
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e99681b66d193025dcb6c7bec6eefe7e84118c3...6feb617f5b61d124076a91a5fa1d2de356fcaf62
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
